Add SSL_DANE typedef for consistency.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
This commit is contained in:
Rich Salz
parent
506e28b3e3
commit
b9aec69ace
7 changed files with 23 additions and 22 deletions
|
|
@ -298,7 +298,7 @@ static int verify_chain(X509_STORE_CTX *ctx)
|
|||
|
||||
int X509_verify_cert(X509_STORE_CTX *ctx)
|
||||
{
|
||||
struct dane_st *dane = (struct dane_st *)ctx->dane;
|
||||
SSL_DANE *dane = ctx->dane;
|
||||
|
||||
if (ctx->cert == NULL) {
|
||||
X509err(X509_F_X509_VERIFY_CERT, X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
|
||||
|
|
@ -665,7 +665,7 @@ static int check_trust(X509_STORE_CTX *ctx, int num_untrusted)
|
|||
int i;
|
||||
X509 *x = NULL;
|
||||
X509 *mx;
|
||||
struct dane_st *dane = (struct dane_st *)ctx->dane;
|
||||
SSL_DANE *dane = ctx->dane;
|
||||
int num = sk_X509_num(ctx->chain);
|
||||
int trust;
|
||||
|
||||
|
|
@ -2369,7 +2369,7 @@ void X509_STORE_CTX_set0_param(X509_STORE_CTX *ctx, X509_VERIFY_PARAM *param)
|
|||
ctx->param = param;
|
||||
}
|
||||
|
||||
void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, struct dane_st *dane)
|
||||
void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane)
|
||||
{
|
||||
ctx->dane = dane;
|
||||
}
|
||||
|
|
@ -2410,7 +2410,7 @@ static unsigned char *dane_i2d(
|
|||
|
||||
static int dane_match(X509_STORE_CTX *ctx, X509 *cert, int depth)
|
||||
{
|
||||
struct dane_st *dane = (struct dane_st *)ctx->dane;
|
||||
SSL_DANE *dane = ctx->dane;
|
||||
unsigned usage = DANETLS_NONE;
|
||||
unsigned selector = DANETLS_NONE;
|
||||
unsigned ordinal = DANETLS_NONE;
|
||||
|
|
@ -2553,7 +2553,7 @@ static int dane_match(X509_STORE_CTX *ctx, X509 *cert, int depth)
|
|||
|
||||
static int check_dane_issuer(X509_STORE_CTX *ctx, int depth)
|
||||
{
|
||||
struct dane_st *dane = (struct dane_st *)ctx->dane;
|
||||
SSL_DANE *dane = ctx->dane;
|
||||
int matched = 0;
|
||||
X509 *cert;
|
||||
|
||||
|
|
@ -2578,7 +2578,7 @@ static int check_dane_issuer(X509_STORE_CTX *ctx, int depth)
|
|||
|
||||
static int check_dane_pkeys(X509_STORE_CTX *ctx)
|
||||
{
|
||||
struct dane_st *dane = (struct dane_st *)ctx->dane;
|
||||
SSL_DANE *dane = ctx->dane;
|
||||
danetls_record *t;
|
||||
int num = ctx->num_untrusted;
|
||||
X509 *cert = sk_X509_value(ctx->chain, num - 1);
|
||||
|
|
@ -2613,7 +2613,7 @@ static int check_dane_pkeys(X509_STORE_CTX *ctx)
|
|||
return X509_TRUST_UNTRUSTED;
|
||||
}
|
||||
|
||||
static void dane_reset(struct dane_st *dane)
|
||||
static void dane_reset(SSL_DANE *dane)
|
||||
{
|
||||
/*
|
||||
* Reset state to verify another chain, or clear after failure.
|
||||
|
|
@ -2637,7 +2637,7 @@ static int check_leaf_suiteb(X509_STORE_CTX *ctx, X509 *cert)
|
|||
static int dane_verify(X509_STORE_CTX *ctx)
|
||||
{
|
||||
X509 *cert = ctx->cert;
|
||||
struct dane_st *dane = (struct dane_st *)ctx->dane;
|
||||
SSL_DANE *dane = ctx->dane;
|
||||
int matched;
|
||||
int done;
|
||||
|
||||
|
|
@ -2707,7 +2707,7 @@ static int get_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *cert)
|
|||
|
||||
static int build_chain(X509_STORE_CTX *ctx)
|
||||
{
|
||||
struct dane_st *dane = (struct dane_st *)ctx->dane;
|
||||
SSL_DANE *dane = ctx->dane;
|
||||
int num = sk_X509_num(ctx->chain);
|
||||
X509 *cert = sk_X509_value(ctx->chain, num - 1);
|
||||
int ss = cert_self_signed(cert);
|
||||
|
|
|
|||
|
|
@ -110,7 +110,7 @@ struct dane_ctx_st {
|
|||
/*
|
||||
* Per connection DANE state
|
||||
*/
|
||||
struct dane_st {
|
||||
struct ssl_dane_st {
|
||||
struct dane_ctx_st *dctx;
|
||||
STACK_OF(danetls_record) *trecs;
|
||||
STACK_OF(X509) *certs; /* DANE-TA(2) Cert(0) Full(0) certs */
|
||||
|
|
|
|||
|
|
@ -158,6 +158,7 @@ typedef struct ec_key_method_st EC_KEY_METHOD;
|
|||
|
||||
typedef struct rand_meth_st RAND_METHOD;
|
||||
|
||||
typedef struct ssl_dane_st SSL_DANE;
|
||||
typedef struct x509_st X509;
|
||||
typedef struct X509_algor_st X509_ALGOR;
|
||||
typedef struct X509_crl_st X509_CRL;
|
||||
|
|
|
|||
|
|
@ -1578,7 +1578,7 @@ __owur int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
|
|||
* Bridge opacity barrier between libcrypt and libssl, also needed to support
|
||||
* offline testing in test/danetest.c
|
||||
*/
|
||||
struct dane_st *SSL_get0_dane(SSL *ssl);
|
||||
SSL_DANE *SSL_get0_dane(SSL *ssl);
|
||||
|
||||
__owur int SSL_CTX_set1_param(SSL_CTX *ctx, X509_VERIFY_PARAM *vpm);
|
||||
__owur int SSL_set1_param(SSL *ssl, X509_VERIFY_PARAM *vpm);
|
||||
|
|
|
|||
|
|
@ -262,7 +262,7 @@ struct x509_store_ctx_st { /* X509_STORE_CTX */
|
|||
/* For CRL path validation: parent context */
|
||||
X509_STORE_CTX *parent;
|
||||
CRYPTO_EX_DATA ex_data;
|
||||
struct dane_st *dane;
|
||||
SSL_DANE *dane;
|
||||
/* signed via bare TA public key, rather than CA certificate */
|
||||
int bare_ta_signed;
|
||||
} /* X509_STORE_CTX */ ;
|
||||
|
|
@ -536,7 +536,7 @@ int X509_STORE_CTX_set_default(X509_STORE_CTX *ctx, const char *name);
|
|||
* Bridge opacity barrier between libcrypt and libssl, also needed to support
|
||||
* offline testing in test/danetest.c
|
||||
*/
|
||||
void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, struct dane_st *dane);
|
||||
void X509_STORE_CTX_set0_dane(X509_STORE_CTX *ctx, SSL_DANE *dane);
|
||||
|
||||
/* X509_VERIFY_PARAM functions */
|
||||
|
||||
|
|
|
|||
|
|
@ -257,7 +257,7 @@ static void tlsa_free(danetls_record *t)
|
|||
OPENSSL_free(t);
|
||||
}
|
||||
|
||||
static void dane_final(struct dane_st *dane)
|
||||
static void dane_final(SSL_DANE *dane)
|
||||
{
|
||||
sk_danetls_record_pop_free(dane->trecs, tlsa_free);
|
||||
dane->trecs = NULL;
|
||||
|
|
@ -344,7 +344,7 @@ static int dane_mtype_set(
|
|||
return 1;
|
||||
}
|
||||
|
||||
static const EVP_MD *tlsa_md_get(struct dane_st *dane, uint8_t mtype)
|
||||
static const EVP_MD *tlsa_md_get(SSL_DANE *dane, uint8_t mtype)
|
||||
{
|
||||
if (mtype > dane->dctx->mdmax)
|
||||
return NULL;
|
||||
|
|
@ -352,7 +352,7 @@ static const EVP_MD *tlsa_md_get(struct dane_st *dane, uint8_t mtype)
|
|||
}
|
||||
|
||||
static int dane_tlsa_add(
|
||||
struct dane_st *dane,
|
||||
SSL_DANE *dane,
|
||||
uint8_t usage,
|
||||
uint8_t selector,
|
||||
uint8_t mtype,
|
||||
|
|
@ -883,7 +883,7 @@ int SSL_CTX_dane_enable(SSL_CTX *ctx)
|
|||
|
||||
int SSL_dane_enable(SSL *s, const char *basedomain)
|
||||
{
|
||||
struct dane_st *dane = &s->dane;
|
||||
SSL_DANE *dane = &s->dane;
|
||||
|
||||
if (s->ctx->dane.mdmax == 0) {
|
||||
SSLerr(SSL_F_SSL_DANE_ENABLE, SSL_R_CONTEXT_NOT_DANE_ENABLED);
|
||||
|
|
@ -926,7 +926,7 @@ int SSL_dane_enable(SSL *s, const char *basedomain)
|
|||
|
||||
int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
|
||||
{
|
||||
struct dane_st *dane = &s->dane;
|
||||
SSL_DANE *dane = &s->dane;
|
||||
|
||||
if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
|
||||
return -1;
|
||||
|
|
@ -942,7 +942,7 @@ int SSL_get0_dane_authority(SSL *s, X509 **mcert, EVP_PKEY **mspki)
|
|||
int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
|
||||
uint8_t *mtype, unsigned const char **data, size_t *dlen)
|
||||
{
|
||||
struct dane_st *dane = &s->dane;
|
||||
SSL_DANE *dane = &s->dane;
|
||||
|
||||
if (!DANETLS_ENABLED(dane) || s->verify_result != X509_V_OK)
|
||||
return -1;
|
||||
|
|
@ -961,7 +961,7 @@ int SSL_get0_dane_tlsa(SSL *s, uint8_t *usage, uint8_t *selector,
|
|||
return dane->mdpth;
|
||||
}
|
||||
|
||||
struct dane_st *SSL_get0_dane(SSL *s)
|
||||
SSL_DANE *SSL_get0_dane(SSL *s)
|
||||
{
|
||||
return &s->dane;
|
||||
}
|
||||
|
|
@ -4115,7 +4115,7 @@ int ssl_validate_ct(SSL *s)
|
|||
int ret = 0;
|
||||
X509 *cert = s->session != NULL ? s->session->peer : NULL;
|
||||
X509 *issuer;
|
||||
struct dane_st *dane = &s->dane;
|
||||
SSL_DANE *dane = &s->dane;
|
||||
CT_POLICY_EVAL_CTX *ctx = NULL;
|
||||
const STACK_OF(SCT) *scts;
|
||||
|
||||
|
|
|
|||
|
|
@ -1015,7 +1015,7 @@ struct ssl_st {
|
|||
X509_VERIFY_PARAM *param;
|
||||
|
||||
/* Per connection DANE state */
|
||||
struct dane_st dane;
|
||||
SSL_DANE dane;
|
||||
|
||||
/* crypto */
|
||||
STACK_OF(SSL_CIPHER) *cipher_list;
|
||||
|
|
|
|||
Loading…
Reference in a new issue